becomes even more critical for implementations structured according to
Service Oriented Architecture (SOA) principles, due to loose coupling
of services and applications, and their possible operations across
trust boundaries. To make a business's processes and applications
flexible, you must start by expecting changes – both to process and
application logic and to the policies associated with them. Merely
securing the perimeter is not sufficient for a flexible, on-demand
business.

In this redbook, security is factored into the SOA life cycle, reflecting
the fact that security is a business requirement, and not just a
technology attribute. We discuss a SOA security model that captures the
essence of security services and securing services. These approaches to
SOA security are discussed in the context of some scenarios, and
observed patterns. We also discuss a reference model to address the
requirements, patterns of deployment, and usage, and an approach to
integrated security management for SOA.